965826 – Some Resource adapter classes are exposing the password on its toString

Bug 965826 - Some Resource adapter classes are exposing the password on its toString

Summary: Some Resource adapter classes are exposing the password on its toString

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	HornetQ
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ER7
Target Release:	EAP 6.1.1
Assignee:	Clebert Suconic
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-05-21 19:57 UTC by Clebert Suconic
Modified:	2013-09-16 20:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-16 20:26:07 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	HORNETQ-1211	0	Major	Closed	Some Resource adapter classes are exposing the password on its toString	2013-09-17 06:54:24 UTC

Description Clebert Suconic 2013-05-21 19:57:59 UTC

Description of problem:

toString() with password exposed


Version-Release number of selected component (if applicable):
2.3.0.Final

How reproducible:
Always

Steps to Reproduce:
1. Look at the logs for the password exposed on the toString

Actual results:


Expected results:
password masked or hidden


Additional info:

It's a minor issue as the log should be protected with authorization requests

Comment 3 Miroslav Novak 2013-08-22 09:04:58 UTC

BZ is in incorrect state. Fix for this issue is present in EAP 6.1.1.ER7(HQ 2.3.5.Final) 

Verified be reading the code in EAP 6.1.1.ER7. Great work, Clebert!

Note You need to log in before you can comment on or make changes to this bug.